linux-kernelorg-stable

History

Eric Dumazet 355b985537 netns: provide pure entropy for net_hash_mix() net_hash_mix() currently uses kernel address of a struct net, and is used in many places that could be used to reveal this address to a patient attacker, thus defeating KASLR, for the typical case (initial net namespace, &init_net is not dynamically allocated) I believe the original implementation tried to avoid spending too many cycles in this function, but security comes first. Also provide entropy regardless of CONFIG_NET_NS. Fixes: `0b4419162a` ("netns: introduce the net_hash_mix "salt" for hashes") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Amit Klein <aksecurity@gmail.com> Reported-by: Benny Pinkas <benny@pinkas.net> Cc: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>		2019-03-28 17:00:45 -07:00
..
can.h	can: af_can: give struct holding the CAN per device receive lists a sensible name	2018-01-05 11:12:08 +01:00
conntrack.h	netfilter: conntrack: remove l4proto init and get_net callbacks	2019-01-18 15:02:34 +01:00
core.h	sock: Hide unused variable when !CONFIG_PROC_FS.	2017-12-19 09:58:14 -05:00
dccp.h	…
generic.h	…
hash.h	netns: provide pure entropy for net_hash_mix()	2019-03-28 17:00:45 -07:00
ieee802154_6lowpan.h	…
ipv4.h	net: provide a sysctl raw_l3mdev_accept for raw socket lookup with VRFs	2018-11-07 16:12:38 -08:00
ipv6.h	ipv6: icmp: use percpu allocation	2019-02-24 21:57:26 -08:00
mib.h	…
mpls.h	…
netfilter.h	netfilter: don't allocate space for arp/bridge hooks unless needed	2018-01-08 18:01:11 +01:00
nftables.h	netfilter: nf_tables: use dedicated mutex to guard transactions	2018-07-18 11:26:48 +02:00
packet.h	…
sctp.h	sctp: add stream interleave enable members and sockopt	2017-12-11 11:23:04 -05:00
unix.h	…
x_tables.h	…
xdp.h	net: xsk: track AF_XDP sockets on a per-netns list	2019-01-25 01:50:03 +01:00
xfrm.h	xfrm: policy: store inexact policies in an rhashtable	2018-11-09 11:57:47 +01:00